package com.imooc.security.server;

import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.oauth2.config.annotation.web.configuration.EnableResourceServer;
import org.springframework.security.oauth2.config.annotation.web.configuration.ResourceServerConfigurerAdapter;
import org.springframework.security.web.authentication.AuthenticationFailureHandler;
import org.springframework.security.web.authentication.AuthenticationSuccessHandler;
import org.springframework.social.security.SpringSocialConfigurer;

import com.imooc.security.app.authentication.openid.OpenIdAuthenticationSecurityConfig;
import com.imooc.security.core.authentication.mobile.SmsCodeAuthenticationSecurityConfig;
import com.imooc.security.core.authorize.AuthorizeConfigManager;
import com.imooc.security.core.properties.SecurityConstants;
import com.imooc.security.core.properties.SecurityProperties;
import com.imooc.security.core.validate.code.ValidateCodeSecurityConfig;

/**
 * 6.2.10 oauth2资源服务器配置
 * 加了这个等于把app定义成资源服务器，访问资源的时候要先通过认证
 */
@Configuration
@EnableResourceServer
/**
 * 6.2.11 通过restlet client模拟认证获取token，然后模拟请求资源服务器(只有用token才能访问)
 * GET http://127.0.0.1/user/me
 * HEADERS:
 * Authorization: bearer b9e5de3a-945f-443f-838f-296490ebd9ec
 */
// 6.4.4 配置资源服务器
// public class ImoocResourceServerConfig {
/**
 * 6.4.6 测试访问：http://127.0.0.1:8080/authentication/form
 * 【自定义密码模式】
 * HEADERS: 
 * Authorization : Basic aW1vb2M6aW1vb2NzZWNyZXQ= [ Basic Username imooc Password imoocsecret ]
 * Content-Type : application/x-www-form-urlencoded
 * BODY Form:
 * username[Text]=ndood
 * password[Text]=123456
 */
public class ImoocResourceServerConfig extends ResourceServerConfigurerAdapter{

	@Autowired
	protected AuthenticationSuccessHandler imoocAuthenticationSuccessHandler;
	
	@Autowired
	protected AuthenticationFailureHandler imoocAuthenticationFailureHandler;
	
	@Autowired
	private SmsCodeAuthenticationSecurityConfig smsCodeAuthenticationSecurityConfig;
	
	@Autowired
	private SpringSocialConfigurer imoocSocialSecurityConfig;
	
	@Autowired
	private SecurityProperties securityProperties;
	
	@Autowired
	private ValidateCodeSecurityConfig validateCodeSecurityConfig;
	
	@Autowired
	private OpenIdAuthenticationSecurityConfig openIdAuthenticationSecurityConfig;
	
	@Autowired
	private AuthorizeConfigManager authorizeConfigManager;
	
	/**
	 * 6.4.5 配置http
	 */
	@Override
	public void configure(HttpSecurity http) throws Exception {

		http.formLogin()
			.loginPage(SecurityConstants.DEFAULT_UNAUTHENTICATION_URL)
			.loginProcessingUrl(SecurityConstants.DEFAULT_SIGN_IN_PROCESSING_URL_FORM)
			.successHandler(imoocAuthenticationSuccessHandler)
			.failureHandler(imoocAuthenticationFailureHandler);
		
		http
			// 6.5.1 重新打开验证码
			/*.apply(validateCodeSecurityConfig)
				.and()*/
				
			.apply(smsCodeAuthenticationSecurityConfig)
				.and()
			.apply(imoocSocialSecurityConfig)
				.and()
			
			// 7.3.11 注释掉旧的配置
			/*.authorizeRequests()
				// 7.3.4 抽取通用授权配置到ImoocAuthorizeConfigProvider
				 .antMatchers(
					SecurityConstants.DEFAULT_UNAUTHENTICATION_URL,
					  SecurityConstants.DEFAULT_SIGN_IN_PROCESSING_URL_MOBILE,
					  SecurityConstants.DEFAULT_SIGN_IN_PROCESSING_URL_OPENID,
					securityProperties.getBrowser().getSignInPage(),
					SecurityConstants.DEFAULT_VALIDATE_CODE_URL_PREFIX+"/*",
					securityProperties.getBrowser().getSignUpUrl(),
					securityProperties.getBrowser().getSession().getSessionInvalidUrl(),
					  securityProperties.getBrowser().getSignOutUrl(),
					"/user/regist",
					"/social/user") // 6.7.11 允许未注册跳转访问 /socialSingUp
					.permitAll()
					
				.anyRequest()
				.authenticated()
				.and()*/
			
			// 6.6.5 引入app微信登录配置，使资源服务器实现openId的登录
			.apply(openIdAuthenticationSecurityConfig)
				.and()			
			
			.csrf().disable();
		
		// 7.3.10 添加通用的授权配置
		authorizeConfigManager.config(http.authorizeRequests());
	}	
	
}
